SoylentNews is people

posted by on Wednesday May 03 2017, @03:00PM
from the Using-1337-powers-for-good dept.

An Ars Technica story from 17 April, 2017 introduced us to Hajime, the vigilante botnet that infects IoT devices before blackhats can hijack them. A technical analysis published Wednesday reveals for the first time just how much technical acumen went into designing and building the renegade network, which just may be the Internet's most advanced IoT botnet.

Hajime [PDF] was first reported on in October, 2016 by Sam Edwards and Ioannis Profetis, security researchers at Rapidity Networks, a Boulder, CO-based ISP.

As previously reported, Hajime uses the same list of user name and password combinations used by Mirai, the IoT botnet that spawned several record-setting denial-of-service attacks last year. Once Hajime infects an Internet-connected camera, DVR, or other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as "just a white hat, securing some systems."

Not your father's IoT botnet

But unlike the bare-bones functionality found in Mirai, Hajime is a full-featured package that gives the botnet reliability, stealth, and reliance that's largely unparalleled in the IoT landscape. Wednesday's technical analysis, which was written by Pascal Geenens, a researcher at security firm Radware, makes clear that the unknown person or people behind Hajime invested plenty of time and talent.

From the Ars Technica piece:

Hajime uses a decentralized peer-to-peer network to issue commands and updates to infected devices. This design makes it more resistant to takedowns by ISPs and Internet backbone providers. Hajime uses the same list of user name and password combinations Mirai uses, with the addition of two more. It also takes steps to conceal its running processes and files, a feature that makes detecting infected systems more difficult. Most interesting of all: Hajime appears to be the brainchild of a grayhat hacker, as evidenced by a cryptographically signed message it displays every 10 minutes or so on terminals. The message reads:

Just a white hat, securing some systems.
Important messages will be signed like this!
Hajime Author.
Contact CLOSED
Stay sharp!

Another sign Hajime is a vigilante-style project intended to disrupt Mirai and similar IoT botnets: It blocks access to four ports known to be vectors used to attack many IoT devices. Hajime also lacks distributed denial-of-service capabilities or any other attacking code except for the propagation code that allows one infected device to seek out and infect other vulnerable devices.

Is it right for geeks to use their powers in this way?


  • (Score: 4, Touché) by Justin Case on Wednesday May 03 2017, @03:21PM (21 children)

    by Justin Case (4239) on Wednesday May 03 2017, @03:21PM (#503676) Journal

    That's specifically what government is there for-- protection.

    How's that working out for you so far?

  • (Score: 2) by DannyB on Wednesday May 03 2017, @04:22PM (8 children)

    by DannyB (5839) Subscriber Badge on Wednesday May 03 2017, @04:22PM (#503733) Journal

    Decades ago there were proposed laws to make spam illegal. Yes, really illegal with teeth. The Direct Marketing Association lobbied to kill these laws. And look where we are today.

    Yeah, government will really help. :-)

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    • (Score: 3, Insightful) by Anonymous Coward on Wednesday May 03 2017, @04:40PM (1 child)

      by Anonymous Coward on Wednesday May 03 2017, @04:40PM (#503752)

      Actually the government is working as intended. The problem is numbers. For 'us' ordinary people, combating the direct, focused lobbying that financially backed lobbyists can perform relies on 'us' banding together in an equally coherent and focused political opposition group and directly counter-lobbying. With the shattered choose-your-own-wedge-issue political landscape that is carefully curated and tailored in this country we never will get enough of 'us' to combat the money behind 'them'. This is how 'they' game the system: by keeping 'us' unfocused. And it's working :(

      • (Score: 2) by kaszz on Wednesday May 03 2017, @08:49PM

        by kaszz (4211) on Wednesday May 03 2017, @08:49PM (#503934) Journal

        How would you counter lobby if the politician won't even hear you? And if you got them to hear you out, they would forget about it the next minute.

        BrickBot, Hajime, Second Amendment, etc. are all about taking action without permission from someone else.
        The 1981 case of Warren v. District of Columbia [wikipedia.org] illustrates nicely the use case of citizen enforcement and to not wait for others.

    • (Score: 2) by tangomargarine on Wednesday May 03 2017, @06:38PM (5 children)

      by tangomargarine (667) on Wednesday May 03 2017, @06:38PM (#503825)

      I'm not sure from your post--are you coming down as PRO- or ANTI-regulation in this case?

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
      • (Score: 2) by kaszz on Wednesday May 03 2017, @08:54PM

        by kaszz (4211) on Wednesday May 03 2017, @08:54PM (#503938) Journal

        Relying on the government to regulate and fix problems won't work with co-existing lobbyists.
        In this case, shoot spammers (electronically) and ask no questions.

      • (Score: 2) by DannyB on Wednesday May 03 2017, @09:08PM (3 children)

        by DannyB (5839) Subscriber Badge on Wednesday May 03 2017, @09:08PM (#503943) Journal

        That seems like asking if I still beat my wife or not.

        It is a simple fact that there was a proposed law to make spam illegal.
        It is another fact that the Direct Marketing Association lobbied to kill it.

        It is also a fact that we have laws to make things illegal. Call it 'regulation' if you like. We make things illegal like: robbery, rape, murder. Maybe one day: spam.

        When I sarcastically say "the government will really help", I really mean: don't expect the government to help. The government is corrupt. Bought and paid for by lobbyists.

        --
        People today are educated enough to repeat what they are taught but not to question what they are taught.
        • (Score: 2) by tangomargarine on Wednesday May 03 2017, @09:15PM (1 child)

          by tangomargarine (667) on Wednesday May 03 2017, @09:15PM (#503951)

          Oh, spam mail. I guess that makes more sense, lol. I had originally read your post as:

          "There was a bill under consideration to make SPAM illegal. You can of course see how I would feel about this."
          "Umm...not really. Maybe you find SPAM tasty? Maybe you don't?"

          --
          "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
          • (Score: 2) by DannyB on Wednesday May 03 2017, @09:32PM

            by DannyB (5839) Subscriber Badge on Wednesday May 03 2017, @09:32PM (#503973) Journal

            It's not like they were going to criminalize smoking or professional sports.

            --
            People today are educated enough to repeat what they are taught but not to question what they are taught.
        • (Score: 0) by Anonymous Coward on Friday May 05 2017, @04:05PM

          by Anonymous Coward on Friday May 05 2017, @04:05PM (#504952)

          That seems like asking if I still beat my wife or not.

          How hard is it to reply "I have never, nor will I ever, physically assault a fellow human being"?

  • (Score: 0) by Anonymous Coward on Wednesday May 03 2017, @04:23PM

    by Anonymous Coward on Wednesday May 03 2017, @04:23PM (#503735)

    Wasn't going so bad until the Orange Cotton Candy Man and his cronies started mucking things up...

  • (Score: 5, Insightful) by mcgrew on Wednesday May 03 2017, @04:58PM (7 children)

    by mcgrew (701) <publish@mcgrewbooks.com> on Wednesday May 03 2017, @04:58PM (#503762) Homepage Journal

    It's working pretty damned good for me. My grandfather was involved in a horrible industrial accident that can't happen today because we have OSHA. Rivers and streams were so polluted that they caught fire, and driving past Monsanto in 95 °F heat you had to roll your windows up because the air literally burned your lungs. Not since we got the EPA the Trumpenstein Monster wants to dismantle. Cars had no seat belts, let alone ABS and air bags. You can thank government regulation for all of them.

    Anyone who is against all regulation is either a fool, or an evil person profiting from a filthy environment or lack of worker safety. The love of money is the root of all evil.

    --
    mcgrewbooks.com mcgrew.info nooze.org
    • (Score: 2) by maxwell demon on Wednesday May 03 2017, @06:34PM (5 children)

      by maxwell demon (1608) on Wednesday May 03 2017, @06:34PM (#503819) Journal

      Anyone who is against all regulation is either a fool, or an evil person profiting from a filthy environment or lack of worker safety.

      Either/or? I don't think those two options are mutually exclusive.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 2) by NotSanguine on Wednesday May 03 2017, @10:00PM (4 children)

        Anyone who is against all regulation is either a fool, or an evil person profiting from a filthy environment or lack of worker safety.

        Either/or? I don't think those two options are mutually exclusive.

        Just to clarify, which two options are you referring to as not being mutually exclusive?
        1. Being for some regulation vs. being evil or a fool
        2. Being evil vs. being a fool
        3. Being against all regulation vs. being evil or a fool

        Or is it something else? I'm not being snarky here, you were unclear (at least to me).

        --
        No, no, you're not thinking; you're just being logical. --Niels Bohr
        • (Score: 2) by maxwell demon on Wednesday May 03 2017, @11:13PM (3 children)

          by maxwell demon (1608) on Wednesday May 03 2017, @11:13PM (#504036) Journal

          My comment started (after the quote) with

          Either/or?

          Let's look for those words in the quote:

          Anyone who is against all regulation is either a fool, or an evil person profiting from a filthy environment or lack of worker safety.

          So it's being a fool (→ either) vs. being an evil person (→ or).

          In case you didn't get the point (quite likely, given that you didn't figure out what I was talking about):

          The pair either/or [merriam-webster.com] means:

          an unavoidable choice or exclusive division between only two alternatives

          So by using "either" in the above quote you claimed that it is not possible to be both a fool and an evil person. I disputed that claim.

          --
          The Tao of math: The numbers you can count are not the real numbers.
          • (Score: 2) by NotSanguine on Wednesday May 03 2017, @11:30PM (2 children)

            My comment started (after the quote) with

                    Either/or?

            Let's look for those words in the quote:

            Anyone who is against all regulation is either a fool, or an evil person profiting from a filthy environment or lack of worker safety.

            So it's being a fool (→ either) vs. being an evil person (→ or).

            In case you didn't get the point (quite likely, given that you didn't figure out what I was talking about):

            The pair either/or means:

                    an unavoidable choice or exclusive division between only two alternatives

            So by using "either" in the above quote you claimed that it is not possible to be both a fool and an evil person. I

            I didn't claim anything. It was another poster [soylentnews.org] who made that claim.

            I simply asked you to clarify. Thanks for doing so.

            I wasn't being snarky (in fact, I said just that). It's been a long day, so I guess I'm not at my best.

            I don't really take offence to your (apparently) snarky reply, although it did seem a bit excessive. However, if you thought it was me that posed the 'either/or' scenario, I can see where you might be annoyed.

            However, I simply asked you to clarify. Do you react similarly when one asks you to repeat whether you'd like HP, vinegar or perhaps salad cream on your chips?

            --
            No, no, you're not thinking; you're just being logical. --Niels Bohr
            • (Score: 2) by maxwell demon on Thursday May 04 2017, @12:09AM (1 child)

              by maxwell demon (1608) on Thursday May 04 2017, @12:09AM (#504066) Journal

              I didn't claim anything. It was another poster who made that claim.

              Oops, sorry, I didn't notice that.

              Do you react similarly when one asks you to repeat whether you'd like HP, vinegar or perhaps salad cream on your chips?

              There's a big difference between the spoken word which is gone as soon as you spoke it and which therefore is easy to miss, and the written word that is in front of you and can be read as often as you want. No, if I said it, and he said he didn't understand and asked me to repeat it, I'd just repeat it. Yes, if I had written it down in clearly legible writing, which he just read aloud in front of me, and he'd still ask me again, then I might indeed point out that I've written down my answer and he just read it aloud, so he really should know.

              --
              The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by kaszz on Wednesday May 03 2017, @08:58PM

      by kaszz (4211) on Wednesday May 03 2017, @08:58PM (#503940) Journal

      Regulation can also be abused to monopolize industries by raising the barrier to entry. But wiping out EPA seems like a really bad idea. I think this hints at the problem being elsewhere, with both regulation and non-regulation being abused.

  • (Score: 1, Interesting) by Anonymous Coward on Wednesday May 03 2017, @05:05PM (2 children)

    by Anonymous Coward on Wednesday May 03 2017, @05:05PM (#503766)

    Don't like the IoT? Don't use it.

    Also, how is THIS working out for you? I'm starting to find it is slowly growing increasingly impossible to avoid these.

    For example I just bought a new Trane air conditioner/furnace and as it turns out the unit won't work 100% (switching into a half assed dumbed down "fuck you" mode) if you don't use their Trane proprietary touch screen wifi enabled log-everything-you-do thermostat. (Yes, I specifically asked about interoperability with third party thermostats when getting the quote and they lied to my face about it.)

    • (Score: 1, Interesting) by Anonymous Coward on Wednesday May 03 2017, @05:53PM

      by Anonymous Coward on Wednesday May 03 2017, @05:53PM (#503794)

      And they also lied on the contract, and now you are suing them?

    • (Score: 2) by kaszz on Wednesday May 03 2017, @09:02PM

      by kaszz (4211) on Wednesday May 03 2017, @09:02PM (#503941) Journal

      No alternative? and no option to crack it?